There are two options: [email protected] and 0tt3r8r33z3.
Only the second one is the correct answer: CTF{0tt3r8r33z3}

5 - Name Game 2 - 150 Points

From a little research we found that the username of the logged on character is always after this signature: 0x64 0x??{6-8} 0x40 0x06 0x??{18} 0x5a 0x0c 0x00{2}>What’s rick’s character’s name? format:

The username should be in the dump of the client memory, so let’s get it.

$ vol.py -f OtterCTF.vmem --profile=Win7SP1x64 memdump -D.-p 708

Then we search the signature (we use a portion of the real signature, that is 5A 0C 00 00 beacause it was easier) with an hexeditor and read the following bytes.
There are only 185 occurency: by reading them one by one we find that the 40th is the correct one: 5A 0C 00 00 4D 30 72 74 79 4C 30 4C.
Here’s the flag: CTF{M0rtyL0L}

6 - Silly Rick - 100 Points

Silly rick always forgets his email’s password, so he uses a Stored Password Services online to store his password. He always copy and paste the password so he will not get it wrong. whats rick’s email password?

So we search for strings OtterCTF.vmem | grep WIN-LO6FAF3DTFE-Rick… but nothing happened :-( .
By default, .NET encodes string as UTF-16, hence we need to specify this behaviour to the strings command:

we notice hidden-tear-master, that’s the name of an opensource cryptolocker on GitHub (Link to repo)
So, downloading the decoder included in the repo, and spending 5 minutes adapting it to our case, we are able to dechiper the encrypted file and get the flag: CTF{[email protected]_B3S7_RicK_0f_Th3m_4ll}